A directive recently released by the US government-backed Cybersecurity and Infrastructure Security Agency has a list of 703 known vulnerabilities that organizations have been asked to focus on patching immediately. Amongst the vulnerabilities, 158 vulnerabilities have been identified as being exploited actively by various ransomware families. Read on to learn more about the vulnerabilities.
On November 03, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released a list of known exploited vulnerabilities (KEVs) in a directive aimed at organizations from all sectors. With regular updates to the list, the count now stands at 703 KEVs. The CISA list puts special emphasis on patching known and exploited vulnerabilities in software and hardware commonly found on US federal information systems, and in systems used by third-party agencies.
On November 15, 2021, CISA published a list of vulnerabilities found in data distribution and implementation service software as part of an Industrial Control Systems Advisory (ICSA).
Our security analysts took a deeper look at the list and discovered that several of the vulnerabilities have been exploited by or are associated with multiple ransomware groups.
| Category | Count |
|---|---|
| Ransomware CVEs | 158 |
| Exploited CVEs | 116 |
| CVEs with RCE/PE | 100 |
| Total trending CVEs | 138 |
CSW Ransomware Reports Call Out 157 of the 158 vulnerabilities
CSW experts have mentioned 157 of the 158 vulnerabilities that have ransomware associations in the Ransomware Spotlight Report 2021 and 2022, and their subsequent index updates.
We have also identified a total of 138 unique ransomware groups that are associated with the ransomware vulnerabilities in CISA’s KEVs. Our researchers have also noted that out of a total of 158 ransomware vulnerabilities, 86 vulnerabilities are also actively exploited by Advanced Persistent Threat (APT) groups.
CVEs with Most Ransomware Associations
The top five CVEs with the highest number of ransomware family associations include:
| CVE IDs | No. of Ransomware Associations |
|---|---|
| CVE-2018-4878 | 41 |
| CVE-2017-0144 | 17 |
| CVE-2017-0145 | 16 |
| CVE-2017-0147 | 13 |
| CVE-2019-19781 | 12 |
Top Vendors Affected by Ransomware
Our research on the vendors most affected by ransomware puts Microsoft at the top of the list with 737 affected products, and Apache in second position with 607 products.
Here is a detailed look at the top vendors affected by ransomware.
| Vendor | Overall Affected Products | Most Critical CVE | Ransomware Associations |
|---|---|---|---|
| Microsoft | 737 | CVE-2020-1472 | 7 |
| Apache | 607 | CVE-2017-5638 | 4 |
| VMware | 577 | CVE-2021-21972 | 2 |
| Oracle | 530 | CVE-2019-2725 | 7 |
| Adobe | 314 | CVE-2018-15982 | 5 |
Top Products Affected by Ransomware
Our analysts noted that Oracle’s Java Software Environment was the worst hit by ransomware and accounted for 497 affected products. VMware’s ESXi and Horizon DaaS Appliances take the second spot. The Apache Log4j logging library that created a security storm in late 2021 comes in third with 378 affected products, closely followed by Microsoft Windows, Windows Server and the popular Office suite. Zoho’s ManageEngine ADSelfService Plus makes the cut into the top five most affected products.
| Product | Vendor | No. of Products Affected |
|---|---|---|
| Java SE | Oracle | 497 |
| ESXi, Horizon DaaS Appliances | VMware | 474 |
| Log4j2 | Apache | 378 |
| Windows, Windows Server, Office | Microsoft | 340 |
| ManageEngine ADSelfServicePlus | Zoho | 170 |
Top Trending CVEs
There are a total of 138 trending CVEs, the majority of which affect Microsoft products. Of these vulnerabilities, our team of expert pentesters has prioritized a handful for further research. Here is an in-depth analysis of the trending CVEs selected by our researchers as having the largest impact:
| CVE | Vendor | Product | Severity | CVSS V3 Score | Number of Products Affected |
|---|---|---|---|---|---|
| CVE-2017-5638 | Apache | Struts | Critical | 10.0 | 53 |
| CVE-2020-0796 | Microsoft | SMBv3 | Critical | 10.0 | 4 |
| CVE-2020-1472 | Microsoft | Netlogon Remote Protocol (MS-NRPC) | Critical | 10.0 | 24 |
| CVE-2021-22205 | ExifTool | ExifTool | Critical | 10.0 | 6 |
| CVE-2021-44228 | Apache | Log4j2 | Critical | 10.0 | 378 |
Ransomware CVEs that Ought to be Patched in June 2022
Out of the 138 trending vulnerabilities, CISA has identified 3 that must be patched by June 2022.
| CVE | Vendor | Product | CVSS Severity |
|---|---|---|---|
| CVE-2017-0147 | Microsoft | SMBv1 server | MEDIUM |
| CVE-2017-12149 | Red Hat | JBoss Application Server | CRITICAL |
| CVE-2018-14847 | MikroTik | RouterOS | CRITICAL |
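The patching order this report argues for combines two inputs: CISA's KEV due dates and the number of ransomware families tied to each CVE. The following Python example is added here and is not part of the original post or CSW's tooling; it reads a constructed sample shaped like CISA's KEV JSON feed (the field names cveID, vendorProject, product and dueDate are the feed's real ones, but the due dates are assumed placeholders), joins it with the association counts from the tables above, and ranks overdue items first.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. The CVEs, vendors and
# products come from the tables above; the dueDate values are assumed placeholders.
KEV_JSON = """{"vulnerabilities": [
 {"cveID": "CVE-2017-0147", "vendorProject": "Microsoft", "product": "SMBv1 server", "dueDate": "2022-06-10"},
 {"cveID": "CVE-2017-12149", "vendorProject": "Red Hat", "product": "JBoss Application Server", "dueDate": "2022-06-10"},
 {"cveID": "CVE-2018-14847", "vendorProject": "MikroTik", "product": "RouterOS", "dueDate": "2022-06-10"},
 {"cveID": "CVE-2020-1472", "vendorProject": "Microsoft", "product": "Netlogon Remote Protocol (MS-NRPC)", "dueDate": "2022-05-20"},
 {"cveID": "CVE-2017-5638", "vendorProject": "Apache", "product": "Struts", "dueDate": "2022-07-15"}
]}"""

# Ransomware-family association counts as tabulated above; CVEs absent here
# are treated as having no tabulated count (0), not as ransomware-free.
RANSOMWARE_ASSOCIATIONS = {"CVE-2017-0147": 13, "CVE-2020-1472": 7, "CVE-2017-5638": 4}


def prioritize(kev_json: str, associations: dict, today: str) -> list:
    """Order KEV entries for patching: overdue entries first, then by due date,
    ties broken by the number of ransomware-family associations (most first).
    Dates are ISO strings, which compare correctly as plain strings."""
    date.fromisoformat(today)  # reject a malformed 'today' early
    rows = []
    for entry in json.loads(kev_json)["vulnerabilities"]:
        due = entry["dueDate"]
        date.fromisoformat(due)  # validate the feed's date format
        rows.append({
            "cve": entry["cveID"],
            "vendor": entry["vendorProject"],
            "product": entry["product"],
            "due": due,
            "overdue": due < today,
            "ransomware_families": associations.get(entry["cveID"], 0),
        })
    rows.sort(key=lambda r: (not r["overdue"], r["due"], -r["ransomware_families"], r["cve"]))
    return rows


def due_in_month(rows: list, year_month: str) -> list:
    """CVE IDs from a prioritized list whose due date falls in 'YYYY-MM'."""
    return [r["cve"] for r in rows if r["due"].startswith(year_month)]


if __name__ == "__main__":
    for r in prioritize(KEV_JSON, RANSOMWARE_ASSOCIATIONS, "2022-06-01"):
        status = "OVERDUE" if r["overdue"] else "due " + r["due"]
        print(f'{r["cve"]:15} {r["vendor"]:10} {r["product"]:35} {status:15} families: {r["ransomware_families"]}')
```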
For an overall analysis of all the vulnerabilities CISA has warned about, and of those that need to be addressed immediately, refer to our blog.
Fix these Vulnerabilities Now! Conduct Regular Ransomware Pentesting Assessments to Secure your Attack Surface.
Of the known and exploited vulnerabilities that CISA places emphasis on in their directive for organizations to patch, vulnerabilities with ransomware associations require immediate attention and urgent patching.
At CSW, our expert pentesters and security researchers can help you prioritize the patching of the ransomware vulnerabilities and ensure that all organizations meet the deadlines set by the directive.
CSW experts believe that organizations that conduct monthly or quarterly ransomware penetration assessments have a greater chance of identifying and fixing vulnerabilities that can potentially affect their systems, thereby ensuring a secure attack surface. This in turn helps to improve an organization’s cyber hygiene, reinforces security management teams and boosts brand reputation.
Worried about how susceptible your organization is to a ransomware attack?
Get a Ransomware Penetration Test done today!